
Fix docker image scan action #535




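name: CI

# Run in master and dev branches and in all pull requests to those branches.
#
# Actions are referenced by major version tag; pin to a full commit SHA if
# stricter supply-chain control over third-party actions is wanted.
on:
  push:
    branches: [master, dev]
  pull_request:
    branches: [master, dev]

# Workflow-wide least privilege: the job token is read-only unless a job
# raises it explicitly (the docker job needs packages:write to push to GHCR).
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  REPOSITORY: ${{ github.repository }}
  # Image matrix as a JSON array; fromJson() accepts the single-quoted strings.
  # Keep every line of the folded scalar at the same indent so the value stays
  # one logical JSON document, and remember the trailing comma after every
  # object key except the last (a missing comma breaks fromJson for all
  # images). Layer caching is handled by the GHA cache backend in the docker
  # job, so no per-image list of cache-key files is needed here.
  IMAGES: >-
    [{
    'name': 'authorizer-app-backend',
    'build_file': 'authorizer-app-backend/Dockerfile',
    'authors': 'Pauline Conde <pauline.conde@kcl.ac.uk>, Pim van Nierop <pim@thehyve.nl>',
    'description': 'RADAR-base rest sources authorizer backend application'
    },{
    'name': 'authorizer-app',
    'build_file': 'authorizer-app/Dockerfile',
    'authors': 'Peyman Mohtashami <peyman@thehyve.nl>, Pauline Conde <pauline.conde@kcl.ac.uk>',
    'description': 'RADAR-base rest sources authorizer frontend application'
    }]

jobs:
  kotlin:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-java@v5
        with:
          distribution: temurin
          # Quoted so YAML does not turn the version into a number.
          java-version: '17'
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4
      - name: Compile code
        run: ./gradlew assemble
      - name: Check
        run: ./gradlew check

  node:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - name: Use Node.js 18
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: yarn
          cache-dependency-path: '**/yarn.lock'
      - name: Install Yarn dependencies
        working-directory: ./authorizer-app
        run: yarn install
      - name: Yarn build
        working-directory: ./authorizer-app
        run: yarn build

  # The matrix cannot read the env context directly, so a tiny job republishes
  # IMAGES as a job output that the docker job can feed to fromJson().
  prepare-matrix:
    name: Prepare Matrix Output
    permissions: {}
    runs-on: ubuntu-latest
    outputs:
      images: ${{ steps.create-matrix.outputs.matrix }}
    steps:
      - name: Create Matrix Variable
        id: create-matrix
        # Read IMAGES from the environment instead of interpolating an
        # expression into the shell script; the heredoc form also stays
        # correct if the value ever spans several lines.
        run: |
          {
            echo "matrix<<IMAGES_EOF"
            echo "$IMAGES"
            echo "IMAGES_EOF"
          } >> "$GITHUB_OUTPUT"

  docker:
    needs: prepare-matrix
    runs-on: ubuntu-latest
    strategy:
      matrix:
        image: ${{ fromJson(needs.prepare-matrix.outputs.images) }}
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v5

      # Pull requests build a single-platform image and load it into the local
      # daemon for inspection; pushes to master/dev build multi-arch and push.
      # Outputs are written through $GITHUB_OUTPUT; the ::set-output command
      # is deprecated.
      - name: Docker build parameters
        id: docker_params
        run: |
          {
            # has_docker_login is not read by any later step at the moment;
            # kept so the output stays available to steps that may need it.
            echo "has_docker_login=${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
            if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
              echo "push=false"
              echo "load=true"
              echo "platforms=linux/amd64"
            else
              echo "push=true"
              echo "load=false"
              echo "platforms=linux/amd64,linux/arm64"
            fi
          } >> "$GITHUB_OUTPUT"

      # Needed for pushes, and for pulling private packages from GHCR.
      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # GHCR requires a lowercase repository path; ${REPOSITORY,,} lowercases
      # it in bash. The image name is passed via env rather than interpolated
      # into the script.
      - name: Lowercase image name
        env:
          IMAGE_NAME: ${{ matrix.image.name }}
        run: echo "DOCKER_IMAGE=${REGISTRY}/${REPOSITORY,,}/${IMAGE_NAME}" >> "$GITHUB_ENV"

      # Add Docker labels and tags
      - name: Docker meta
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.DOCKER_IMAGE }}

      # Setup docker build environment
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Layer cache uses the GitHub Actions cache backend, scoped per image so
      # the two matrix entries do not overwrite each other's cache. This
      # replaces the actions/cache + local-cache-directory workaround (which
      # relied on a step id and a matrix key that were never defined) and the
      # "move cache" cleanup it required.
      - name: Build docker image and optionally push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ matrix.image.build_file }}
          cache-from: type=gha,scope=${{ matrix.image.name }}
          cache-to: type=gha,scope=${{ matrix.image.name }},mode=max
          platforms: ${{ steps.docker_params.outputs.platforms }}
          load: ${{ steps.docker_params.outputs.load }}
          push: ${{ steps.docker_params.outputs.push }}
          tags: ${{ steps.docker_meta.outputs.tags }}
          # Use runtime labels from docker_meta as well as fixed labels
          labels: |
            ${{ steps.docker_meta.outputs.labels }}
            maintainer=${{ matrix.image.authors }}
            org.opencontainers.image.description=${{ matrix.image.description }}
            org.opencontainers.image.authors=${{ matrix.image.authors }}
            org.opencontainers.image.vendor=RADAR-base
            org.opencontainers.image.licenses=Apache-2.0

      # When the image was pushed rather than loaded, fetch it back so the
      # inspection below runs against what was actually published.
      - name: Pull images
        if: steps.docker_params.outputs.load == 'false'
        run: docker pull ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}

      - name: Inspect docker images
        run: |
          docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
          docker run --rm ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }} curl --version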